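Installing a private Docker registry

Environment preparation

  • Install Docker and Docker Compose
  • Create a directory (e.g. backup) to hold the images and configuration files
  • Set the environment variable: REGISTRY_STORAGE_DELETE_ENABLED=true
  • Mount the directories: /backup/registry/images:/var/lib/registry and /mnt/shopee/backup/registry/config/config.yml:/etc/docker/registry/config.yml

Inside the container, the Docker Registry image uses port 5000 as the service port that receives images.

Configuring the Docker proxy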

/etc/systemd/system/docker.service.d/http-proxy.conf

[Service]
Environment="HTTP_PROXY=http://140.109.12.18:3128/"
Environment="NO_PROXY=localhost,127.0.0.0/8,devdockersrv.test5.sinica.edu.tw,10.109.10.22"

sudo systemctl daemon-reload
sudo systemctl restart docker

Complete configuration file

version: '3.7'
services:
  registry:
    image: registry:2
    container_name: docker-registry
    labels:
      - "PROJECT=registry"
    ports:
      - 5000:5000
    networks:
      - docker-registry-network
    environment:
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    volumes:
      - "/data/images:/var/lib/registry"
      - "./config.yml:/etc/docker/registry/config.yml"
  registry-ui:
    image: konradkleine/docker-registry-frontend:v2
    container_name: registry-ui
    labels:
      - "PROJECT=registry"
    ports:
      - 3000:80
    networks:
      - docker-registry-network
    environment:
      - ENV_DOCKER_REGISTRY_PORT=5000
      - ENV_DOCKER_REGISTRY_HOST=registry
    depends_on:
      - registry
networks:
  docker-registry-network:
    name: docker-registry-network
    labels:
      - "PROJECT=registry"

Start: docker-compose -f docker-compose.registry.yml up -d

Pushing or pulling images with the private registry

Assume the host is: devdockersrv.test5.sinica.edu.tw

Storing an image
docker pull hello-world  # fetch the image from the remote registry
# Tag the image
# Format: docker tag IMAGE[:TAG] [REGISTRY_HOST[:REGISTRY_PORT]/]REPOSITORY[:TAG]
docker tag hello-world devdockersrv.test5.sinica.edu.tw:5000/hello-world:1.0
# docker images now lists the new tag
docker push devdockersrv.test5.sinica.edu.tw:5000/hello-world:1.0

The first time you run this, you should see the following message:

Get https://159.100.243.157:5000/v2/: http: server gave HTTP response to HTTPS client

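There are two ways to resolve this: modify Docker's daemon.json, or set up HTTPS.

Modifying daemon.json

Open /etc/docker/daemon.json, add the following, then restart Docker (systemctl restart docker). This entry makes the Docker daemon talk to that registry over plain HTTP.

{
  "insecure-registries" : ["devdockersrv.test5.sinica.edu.tw:5000"]
}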

Listing repositories
curl -X GET http://devdockersrv.test5.sinica.edu.tw:5000/v2/_catalog

# Returns
{"repositories":["hello-world"]}

Pulling an image

docker pull devdockersrv.test5.sinica.edu.tw:5000/demo:redis

Deleting an image
# Deleting an image requires the image's digest
$ curl -v devdockersrv.test5.sinica.edu.tw:5000/v2/demo/manifests/redis -H 'Accept: application/vnd.docker.distribution.manifest.v2+json'
# The response contains a header named "Docker-Content-Digest:"
# Pass that digest value to the delete API
$ curl -X DELETE -v devdockersrv.test5.sinica.edu.tw:5000/v2/demo/manifests/sha256:8b5e24dd14cff03e0db8f372e6fd5a9a0f29af771122ef8e94917317db8c39f9

# Or use the CLI directly (this removes only the local copy of the image, not the copy stored in the registry)
docker image rm devdockersrv.test5.sinica.edu.tw:5000/ubuntu:latest
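
The two-step deletion above (look up the digest, then DELETE by digest) as a script; this is an added example, not part of the original page. The function names are hypothetical, the sample headers are constructed, and the host and digest are the ones used above.

```shell
#!/bin/sh
# Added example: delete a tag from the registry by digest.
# Function names are hypothetical; host and digest are the ones used on this page.
REGISTRY="http://devdockersrv.test5.sinica.edu.tw:5000"
ACCEPT='Accept: application/vnd.docker.distribution.manifest.v2+json'

# Read raw HTTP response headers on stdin and print the Docker-Content-Digest value.
# Header names are case-insensitive and lines end in CRLF, so both are normalised.
digest_from_headers() {
    tr -d '\r' | awk '{
        n = index($0, ":")
        if (n && tolower(substr($0, 1, n - 1)) == "docker-content-digest") {
            v = substr($0, n + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }
    }'
}

# Accept only a well-formed sha256 digest so nothing else is placed in the URL.
is_sha256_digest() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Print the manifest URL for a repository and a reference (tag or digest).
manifest_url() {
    printf '%s/v2/%s/manifests/%s\n' "$REGISTRY" "$1" "$2"
}

# Resolve repo:tag to its digest with a HEAD request, then delete by digest.
delete_tag() {
    repo="$1"; tag="$2"
    digest=$(curl -fsS -I -H "$ACCEPT" "$(manifest_url "$repo" "$tag")" | digest_from_headers)
    is_sha256_digest "$digest" || { echo "no valid digest for $repo:$tag" >&2; return 1; }
    curl -fsS -X DELETE "$(manifest_url "$repo" "$digest")" && echo "deleted $repo@$digest"
}

# Constructed sample response headers, used to exercise the parser offline.
SAMPLE_HEADERS=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.distribution.manifest.v2+json\r\ndocker-content-digest: sha256:8b5e24dd14cff03e0db8f372e6fd5a9a0f29af771122ef8e94917317db8c39f9\r\n\r\n')

# Offline self-check: prints the digest parsed from the sample headers.
printf '%s\n' "$SAMPLE_HEADERS" | digest_from_headers
```

Deleting a manifest only unlinks it; disk space is reclaimed when the registry's garbage collector runs (registry garbage-collect /etc/docker/registry/config.yml inside the container). With REGISTRY_STORAGE_DELETE_ENABLED=true and no authentication configured, any client that can reach port 5000 can issue this DELETE.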

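Adding security settings (HTTPS)

At this point data can already be transferred over HTTP, but as the official documentation recommends, it is better to set up HTTPS so that communication is secure.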
